31 Oct 2011 02:19 PM

I have SSL with SQL Server 2008R2\64bit\MSCS-A\P. I do not wish to have the domain account that is running the SQL Server Services be a member of the Local Administrator Group (already SA in SQL instance). If I revoke both domain accounts from the Local Administrator Group, then the SQL instance won't start, with this error message in the SQL error log:

"The server could not load the certificate it needs to initiate an SSL connection. It returned the following error: 0x8009030d. Check certificates to make sure they are valid.
Error: 26014, Severity: 16, State: 1.
Unable to load user-specified certificate [Cert Hash(sha1) "5D4BC7A27DCD3F9AD8455115B5942AC76A10A4C1"]. The server will not accept a connection. You should verify that the certificate is correctly installed. See "Configuring Certificate for Use by SSL" in Books Online.
Error: 17182, Severity: 16, State: 1.
TDSSNIClient initialization failed with error 0x80092004, status code 0x80. Reason: Unable to initialize SSL support. Cannot find object or property.
Error: 17182, Severity: 16, State: 1.
DSSNIClient initialization failed with error 0x80092004, status code 0x1. Reason: Initialization failed with an infrastructure error. Check for previous errors. Cannot find object or property.
Error: 17826, Severity: 18, State: 3.
Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.
Error: 17120, Severity: 16, State: 1.
SQL Server could not spawn FRunCM thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.
Clearing tempdb database."

I added both SQL Services domain accounts back to the Local Administrator Group, then the SQL instance restarted successfully.

What rights/permissions do these SQL Services domain accounts require in order to start SQL Engine and SQL AGENT in Failover Cluster Administrator with an SSL certificate without being members of the Local Administrator Group, since being a member deviates from company key controls?

Thank you in advance.

